Satori IoT Botnet Is Exploiting Zero Day To Zombify Huawei Routers

Although the original creator of the infamous Mirai IoT botnet was arrested and sent to prison, variants of the botnet remain in play because its source code is publicly available on the Internet.

Attackers have repeatedly used the botnet to recruit unprotected devices from the Internet, including home and office routers, which can then be used at any time to launch DDoS attacks.

Another variant of the Mirai IoT botnet has surfaced and is spreading rapidly, exploiting a zero-day vulnerability in a Huawei home router model.

The variant, dubbed Satori (also known as Okiku), targets the Huawei HG532 router model; Check Point security researchers have tracked hundreds of thousands of attempts to exploit the vulnerability in this router model in the wild.

Check Point researchers first discovered the Satori IoT botnet in early November. Earlier this month the botnet infected more than 200,000 IP addresses in just 12 hours, according to an analysis published by the Chinese security company 360 Netlab on December 5.

According to a new report released by Check Point on Thursday, the researchers believe that a hacker going by the name Nexus Zeta is exploiting a zero-day remote code execution vulnerability (CVE-2017-17215) in Huawei HG532 devices.

The vulnerability stems from the fact that the device's implementation of TR-064 (a Technical Report standard), an application-layer protocol for remote management of Huawei devices that runs over UPnP (Universal Plug and Play), was exposed to the Internet on port 37215.

“TR-064 was developed and defined for the configuration of the local network,” the report says. “For example, this allows a technician to implement the basic device configuration, firmware updates and much more from the internal network.”

Because the vulnerability allows a remote attacker to execute arbitrary commands on the device, the attackers used this flaw to download a malicious payload onto Huawei routers and launch the Satori IoT botnet.

“The number of packets used for the flood action and their respective parameters are transmitted by the C&C server,” the researchers say. “In addition, the C&C server can send one IP address for attacks or a subnet with a subnet address and a certain number of value bits.”

Although the researchers observed a wave of attacks on Huawei HG532 devices around the world, the most affected countries were the USA, Italy, Germany, and Egypt.

After confirming their findings, Check Point researchers privately disclosed the vulnerability to Huawei. The company confirmed the vulnerability and issued an updated security notice to customers on Friday.

“An authenticated attacker can send malicious packets to port 37215 to launch attacks. Successful exploitation can lead to arbitrary code execution,” Huawei said in its security notice.

The company also proposed some mitigations that can prevent or limit exploitation: using the device's built-in firewall function, changing the default credentials of the device, and deploying a firewall on the carrier side.

Users can also deploy Huawei NGFWs or data center firewalls and update their IPS signature database to the latest version, IPS_H20011000_2017120100, released on December 1, 2017, to detect and block attacks against this vulnerability.
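The mitigations above all come down to one question a network defender can check directly: is the TR-064/UPnP management service on port 37215 reachable from the WAN, and is anyone probing it? The following script is an added example, not code from the article, Check Point or Huawei. It scans iptables-style firewall log lines (the sample lines are constructed for this example), treats only RFC 1918, loopback and link-local addresses as LAN, and reports every connection to port 37215 that arrived from a non-LAN source, counted per source so that repeated probing stands out.

```python
import ipaddress
import re
from collections import Counter

# TR-064 management port that the Huawei advisory says must not be exposed
TR064_PORT = 37215

# Constructed sample firewall log lines (iptables LOG target style, assumed format):
# lines 1-2: repeated external probes of port 37215 (should be flagged)
# line 3:    a LAN host reaching the management port (legitimate, not flagged)
# line 4:    external traffic to a different port (not flagged)
# line 5:    a single external UDP probe of port 37215 (should be flagged)
SAMPLE_LOG = """\
Dec 21 10:01:02 gw kernel: IN=eth0 OUT= SRC=203.0.113.45 DST=192.0.2.10 PROTO=TCP SPT=51234 DPT=37215 SYN
Dec 21 10:01:03 gw kernel: IN=eth0 OUT= SRC=203.0.113.45 DST=192.0.2.10 PROTO=TCP SPT=51235 DPT=37215 SYN
Dec 21 10:01:05 gw kernel: IN=br0 OUT= SRC=192.168.1.20 DST=192.168.1.1 PROTO=TCP SPT=40000 DPT=37215 SYN
Dec 21 10:01:07 gw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=44444 DPT=443 SYN
Dec 21 10:01:09 gw kernel: IN=eth0 OUT= SRC=198.51.100.99 DST=192.0.2.10 PROTO=UDP SPT=1900 DPT=37215
"""

# Address ranges we consider "inside" the home/office network.  The TR-064
# report quoted above describes the protocol as intended for the local network,
# so anything outside these ranges has no business talking to port 37215.
LAN_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("169.254.0.0/16"),
]

LINE_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+) "
    r"SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+)"
)


def parse_line(line):
    """Extract the 5-tuple fields from one firewall log line, or None if it does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return {
        "src": m.group("src"),
        "dst": m.group("dst"),
        "proto": m.group("proto"),
        "spt": int(m.group("spt")),
        "dpt": int(m.group("dpt")),
    }


def is_lan_address(addr):
    """True if addr falls inside one of the LAN ranges defined above."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # malformed address: treat as untrusted
    return any(ip in net for net in LAN_NETWORKS)


def find_wan_tr064_hits(log_text):
    """Return every parsed record where a non-LAN source reached the TR-064 port."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["dpt"] == TR064_PORT and not is_lan_address(rec["src"]):
            hits.append(rec)
    return hits


def summarize_sources(hits):
    """Count flagged connections per external source address."""
    return Counter(h["src"] for h in hits)


def report(log_text):
    """Return (source, count) pairs sorted so the most active prober comes first."""
    return summarize_sources(find_wan_tr064_hits(log_text)).most_common()


if __name__ == "__main__":
    for src, count in report(SAMPLE_LOG):
        print(f"port {TR064_PORT} reached from WAN address {src}: {count} connection(s)")
```

Any hit at all means the management port is reachable from the Internet, which is exactly the exposure the advisory tells users to close with the built-in firewall or a carrier-side firewall; several hits from one source in a short window are the signature of the mass scanning the article describes. Point the script at the real log by replacing `SAMPLE_LOG` with the contents of the firewall's log file.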
